Collaborate Disseminate
Perhaps the answer is no, and perhaps this is a dumb question. However I am trying to understand the underlying principles better.
My understanding of certificate signing process.
I generate a key pair.
I create a CSR. [CSR is essentially… Continue reading Is it possible to create a certificate for a key pair which I do not possess?
I have a ton of encrypted or hashed texts and their decrypted or de-hashed forms(I don’t know which term is suitable in this case, if you can teach it as well, I really appreciate) via bcrypt. The thing I want to learn for the educational … Continue reading How is the bcrypt algorithm decrypted?
There are a lot of arguments around whether web applications can implement end to end encryption. Most of the arguments against javascript based solutions are centered around the fact that the the communication under consideration is betwe… Continue reading Can end-to-end encryption be securely implemented on a web application?
If the intention of attacker is to execute an arbitrary client side script in the context of a web application, is XSS the only possible attack other than compromising the server with an RCE or a sub-resource supply chain att… Continue reading Is there a vulnerability other than XSS which can result in client side script execution?
There were two response headers which could be set by servers to instruct browsers to enable heuristics based reflected XSS detection and prevention in the past.
X-XSS Protection: 1; mode=block
Content-Security-Policy: refl… Continue reading What was the real reason for dropping reflected-xss directive from CSP?
victim.com – URL of the misconfigured application.
https://victim.com has an overly permissive crossdomain.xml at https://victim.com/crossdomain.xml.
<?xml version=”1.0″?>
<!DOCTYPE cross-domain-policy
SYS… Continue reading Inconsistent behavior while attempting to exploit a misconfigured flash crossdomain.xml
I have a site located at
https://gooddomain.com/wonderful?returnPath=goodThings
which redirects me to
https://gooddomain.com/somegoodplace/goodThings
At the server side, the redirect is defined by
String path = request… Continue reading Can a user be redirected to a malicious website if only a part of the url can be controlled by user input?
I am trying to analyze the possibility of accessing keystrokes from an iframe using a javascript running on the parent page. The potential attack which I am looking to verify is Cross Frame Scripting.
From the OWASP page, I read that the … Continue reading Can a javascript on parent page log keystrokes inside an iframe?
My intention is to analyze all network traffic which is coming to and originating from a network connected device I have. From the configurations of the device I am able to proxy all the HTTP traffic originating from the devi… Continue reading Can we use network hub as an MITM sniffing device?
I have been trying to simulate EternalBlue exploit on a system I own via FuzzBunch.
While playing around with Fuzz Bunch, I realized that there are a couple of options I am not very familiar with.
Questions:
What could I b… Continue reading What does ‘call back IP’ on FuzzBunch stand for?